﻿// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.PolicyValidator
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: 8E14765A-6610-409A-BA36-099A0642905D
// Assembly location: E:\git\ALLIDA\windll\infocard.exe

using Microsoft.InfoCards.Diagnostics;
using System;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Text;

namespace Microsoft.InfoCards
{
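  /// <summary>
  /// Runs a fixed sequence of checks over an <see cref="InfoCardPolicy"/> and throws
  /// on the first constraint that is violated.
  /// </summary>
  /// <remarks>
  /// There are two enforcement modes in this class, and the difference matters when
  /// reviewing it:
  /// <list type="bullet">
  /// <item>Checks that <c>throw InfoCardTrace.ThrowHelperError(...)</c> reject the policy
  /// for every issuer (claims present, request type, asymmetric key size, privacy
  /// version, key type specified, AppliesTo scope).</item>
  /// <item>Checks routed through <see cref="ThrowIfSelfIssued"/> reject the policy only
  /// when <c>InfoCardPolicy.IsSelfIssuedUriPresent</c> returns true for the policy's
  /// issuer; for any other issuer they return without error (unsupported claims,
  /// non-whitelisted elements, token type, symmetric key option, key wrap algorithm).</item>
  /// </list>
  /// NOTE(review): presumably the second group is left to a non-self-issued identity
  /// provider to enforce; that is not visible in this file, so confirm before relying on it.
  /// </remarks>
  internal class PolicyValidator
  {
    /// <summary>The only asymmetric key size accepted when the policy specifies one.</summary>
    private const uint RequiredAsymmetricKeySize = 2048U;

    // Assigned once in the constructor and only read afterwards.
    private readonly InfoCardPolicy m_policy;

    /// <summary>
    /// Creates a validator bound to <paramref name="policy"/>.
    /// </summary>
    /// <param name="policy">The policy to validate; asserted to be non-null.</param>
    /// <remarks>
    /// NOTE(review): what <c>InfoCardTrace.Assert</c> does on failure is not visible here.
    /// If it does not throw, a null policy is stored and every check below dereferences it.
    /// </remarks>
    public PolicyValidator(InfoCardPolicy policy)
    {
      InfoCardTrace.Assert(null != policy, "PolicyValidator: policy cannot be null.");
      this.m_policy = policy;
    }

    /// <summary>
    /// Runs every check in a fixed order; the first failing check throws and the rest do not run.
    /// </summary>
    /// <remarks>
    /// <see cref="ValidateKeyType"/> and <see cref="ValidateAppliesTo"/> read
    /// <c>ImmediateTokenRecipient</c> before <see cref="ValidateRecipients"/> has validated it.
    /// The order is kept as-is because it determines which exception a caller sees.
    /// </remarks>
    public virtual void Validate()
    {
      this.ValidateClaims();
      this.ValidateNonWhiteListElements();
      this.ValidateRequestType();
      this.ValidateTokenType();
      this.ValidateKeySize();
      this.ValidatePrivacyVersion();
      this.ValidateKeyTypeSpecified();
      this.ValidateKeyType();
      this.ValidateKeyWrapAlgorithm();
      this.ValidateAppliesTo();
      this.ValidateRecipients();
    }

    /// <summary>
    /// Requires at least one required claim, and rejects claims that
    /// <c>PolicyUtility.IsSelfIssuedClaim</c> does not recognise (self-issued issuer only).
    /// </summary>
    /// <exception cref="PolicyValidationException">The policy lists no required claims.</exception>
    /// <exception cref="UnsupportedPolicyOptionsException">
    /// A claim is not a self-issued claim and the issuer is self-issued.
    /// </exception>
    protected void ValidateClaims()
    {
      string[] requiredClaims = this.m_policy.RequiredClaims;
      if (requiredClaims == null || requiredClaims.Length == 0)
      {
        throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("NoClaimsFoundInPolicy")));
      }

      // Iterate the array that was just null/empty-checked rather than reading the property again.
      foreach (string requiredClaim in requiredClaims)
      {
        if (!PolicyUtility.IsSelfIssuedClaim(requiredClaim))
        {
          this.ThrowIfSelfIssued((Exception) new UnsupportedPolicyOptionsException(SR.GetString("ServiceDoesNotSupportThisClaim")));
        }
      }
    }

    /// <summary>
    /// Rejects a policy that carries elements outside the whitelist (self-issued issuer only).
    /// </summary>
    /// <remarks>
    /// The offending element names are joined with spaces and placed in the exception message.
    /// NOTE(review): these names presumably originate from the policy being validated, so a
    /// consumer that renders or logs the message should treat it as untrusted text — confirm.
    /// </remarks>
    /// <exception cref="UnsupportedPolicyOptionsException">
    /// Non-whitelisted elements were found and the issuer is self-issued.
    /// </exception>
    protected void ValidateNonWhiteListElements()
    {
      if (!this.m_policy.NonWhiteListElementsFound)
      {
        return;
      }

      StringBuilder elementNames = new StringBuilder();
      foreach (string elementName in this.m_policy.NonWhiteListElements)
      {
        elementNames.Append(" ");
        elementNames.Append(elementName);
      }

      this.ThrowIfSelfIssued((Exception) new UnsupportedPolicyOptionsException(SR.GetString("ServiceUnsupportedPolicyElementFound", (object) elementNames.ToString())));
    }

    /// <summary>
    /// When a request type is given, requires it to equal the WS-Trust issue request type
    /// of the merged policy's protocol version profile.
    /// </summary>
    /// <exception cref="UnsupportedPolicyOptionsException">The request type is set and differs.</exception>
    protected void ValidateRequestType()
    {
      string requestType = this.m_policy.RequestType;
      if (string.IsNullOrEmpty(requestType))
      {
        return;
      }

      if (this.m_policy.MergedPolicy.ProtocolVersionProfile.WSTrust.IssueRequestType != requestType)
      {
        throw InfoCardTrace.ThrowHelperError((Exception) new UnsupportedPolicyOptionsException(SR.GetString("OnlyIssueRequestTypeSupported", (object) this.m_policy.RequestType, (object) this.m_policy.MergedPolicy.ProtocolVersionProfile.WSTrust.IssueRequestType)));
      }
    }

    /// <summary>
    /// When a token type is given, requires <c>PolicyUtility.IsSelfIssuedTokenType</c> to
    /// accept it (self-issued issuer only).
    /// </summary>
    /// <exception cref="UnsupportedPolicyOptionsException">
    /// The token type is not accepted and the issuer is self-issued.
    /// </exception>
    protected void ValidateTokenType()
    {
      if (string.IsNullOrEmpty(this.m_policy.OptionalRstParams.TokenType))
      {
        return;
      }

      if (PolicyUtility.IsSelfIssuedTokenType(this.m_policy.OptionalRstParams.TokenType))
      {
        return;
      }

      this.ThrowIfSelfIssued((Exception) new UnsupportedPolicyOptionsException(SR.GetString("ServiceDoesNotSupportThisTokenType")));
    }

    /// <summary>
    /// For an asymmetric key with an explicit key size, requires the size to be exactly
    /// <see cref="RequiredAsymmetricKeySize"/>. Enforced for every issuer.
    /// </summary>
    /// <exception cref="UnsupportedPolicyOptionsException">A different asymmetric key size was specified.</exception>
    protected void ValidateKeySize()
    {
      if (SecurityKeyTypeInternal.AsymmetricKey == this.m_policy.KeyType && this.m_policy.KeySizeSpecified && RequiredAsymmetricKeySize != this.m_policy.KeySize)
      {
        throw InfoCardTrace.ThrowHelperError((Exception) new UnsupportedPolicyOptionsException(SR.GetString("ServiceInvalidAsymmetricKeySize")));
      }
    }

    /// <summary>
    /// Requires the privacy policy link and version to be supplied together: a zero version
    /// with a link, or a non-zero version without a link, is rejected.
    /// </summary>
    /// <exception cref="PolicyValidationException">Exactly one of the two is present.</exception>
    protected void ValidatePrivacyVersion()
    {
      bool versionIsZero = this.m_policy.PrivacyPolicyVersion == 0U;
      bool linkIsMissing = string.IsNullOrEmpty(this.m_policy.PrivacyPolicyLink);

      // Valid states are "no version and no link" or "version and link"; anything else is a mismatch.
      if (versionIsZero != linkIsMissing)
      {
        throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("ServiceInvalidPrivacyNoticeVersion")));
      }
    }

    /// <summary>
    /// Rejects a merged policy whose key type is <c>SecurityKeyTypeInternal.NoKey</c>.
    /// </summary>
    /// <exception cref="PolicyValidationException">The merged policy asks for no proof key.</exception>
    protected void ValidateKeyTypeSpecified()
    {
      if (SecurityKeyTypeInternal.NoKey == this.m_policy.MergedPolicy.KeyType)
      {
        throw InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("NoProofKeyOnlyAllowedInBrowser", (object) XmlNames.WSIdentity.NoProofKeyTypeValue)));
      }
    }

    /// <summary>
    /// Rejects an explicitly requested symmetric key when the immediate token recipient is
    /// not an <c>X509RecipientIdentity</c> (self-issued issuer only).
    /// </summary>
    /// <exception cref="UnsupportedPolicyOptionsException">
    /// A symmetric key was requested for a non-X509 recipient and the issuer is self-issued.
    /// </exception>
    protected void ValidateKeyType()
    {
      if (this.m_policy.ImmediateTokenRecipient is X509RecipientIdentity)
      {
        return;
      }

      if (!this.m_policy.KeyTypeSpecified || this.m_policy.KeyType != SecurityKeyTypeInternal.SymmetricKey)
      {
        return;
      }

      this.ThrowIfSelfIssued((Exception) new UnsupportedPolicyOptionsException(SR.GetString("InvalidKeyOption")));
    }

    /// <summary>
    /// When a key wrap algorithm is given, requires it to equal
    /// <c>SecurityAlgorithmSuite.Default.DefaultAsymmetricKeyWrapAlgorithm</c>
    /// (self-issued issuer only).
    /// </summary>
    /// <exception cref="UnsupportedPolicyOptionsException">
    /// A different key wrap algorithm was requested and the issuer is self-issued.
    /// </exception>
    protected void ValidateKeyWrapAlgorithm()
    {
      if (string.IsNullOrEmpty(this.m_policy.OptionalRstParams.KeyWrapAlgorithm))
      {
        return;
      }

      if (this.m_policy.OptionalRstParams.KeyWrapAlgorithm == SecurityAlgorithmSuite.Default.DefaultAsymmetricKeyWrapAlgorithm)
      {
        return;
      }

      this.ThrowIfSelfIssued((Exception) new UnsupportedPolicyOptionsException(SR.GetString("ServiceInvalidArguments")));
    }

    /// <summary>
    /// Delegates to the <c>Validate</c> method of the recipient and of the immediate token recipient.
    /// </summary>
    protected void ValidateRecipients()
    {
      this.m_policy.Recipient.Validate();
      this.m_policy.ImmediateTokenRecipient.Validate();
    }

    /// <summary>
    /// When the merged policy carries an AppliesTo address, requires the immediate token
    /// recipient's address to fall inside it: same scheme, host and port, and a path that
    /// lies at or below the AppliesTo path.
    /// </summary>
    /// <remarks>
    /// The path test is made on whole path segments. A bare string-prefix test would accept
    /// a recipient path such as <c>application/x</c> for an AppliesTo path of <c>app</c>,
    /// letting a sibling path pass as if it were inside the scope.
    /// </remarks>
    /// <exception cref="PolicyValidationException">The recipient is outside the AppliesTo scope.</exception>
    protected void ValidateAppliesTo()
    {
      if ((EndpointAddress) null == this.m_policy.MergedPolicy.PolicyAppliesTo)
      {
        return;
      }

      Uri scopeUri = this.m_policy.MergedPolicy.PolicyAppliesTo.Uri;
      Uri recipientUri = this.m_policy.ImmediateTokenRecipient.Address.Uri;

      // SchemeAndServer covers scheme, host and port.
      if (Uri.Compare(scopeUri, recipientUri, UriComponents.SchemeAndServer, UriFormat.UriEscaped, StringComparison.OrdinalIgnoreCase) != 0)
      {
        throw CreateAppliesToMismatch();
      }

      string scopePath = scopeUri.GetComponents(UriComponents.Path, UriFormat.UriEscaped);
      string recipientPath = recipientUri.GetComponents(UriComponents.Path, UriFormat.UriEscaped);

      // An AppliesTo without a path places no constraint on the recipient path.
      if (string.IsNullOrEmpty(scopePath))
      {
        return;
      }

      if (string.IsNullOrEmpty(recipientPath) || !IsPathWithinScope(scopePath, recipientPath))
      {
        throw CreateAppliesToMismatch();
      }
    }

    /// <summary>
    /// Returns true when <paramref name="candidatePath"/> equals <paramref name="scopePath"/>
    /// or continues it at a '/' segment boundary, ignoring case.
    /// </summary>
    /// <param name="scopePath">Non-empty escaped path of the AppliesTo address.</param>
    /// <param name="candidatePath">Non-empty escaped path of the recipient address.</param>
    private static bool IsPathWithinScope(string scopePath, string candidatePath)
    {
      // Both sides are lower-cased and then compared case-insensitively, as the original check did.
      string scope = scopePath.ToLowerInvariant();
      string candidate = candidatePath.ToLowerInvariant();

      if (!candidate.StartsWith(scope, StringComparison.OrdinalIgnoreCase))
      {
        return false;
      }

      if (candidate.Length == scope.Length)
      {
        return true;
      }

      // The prefix must end a segment: either the scope already ends in '/', or the
      // candidate's next character starts a new segment.
      return scope[scope.Length - 1] == '/' || candidate[scope.Length] == '/';
    }

    /// <summary>
    /// Builds (through <c>InfoCardTrace.ThrowHelperError</c>) the exception used for every
    /// AppliesTo scope failure, so all three failure paths report the same error.
    /// </summary>
    private static Exception CreateAppliesToMismatch()
    {
      return InfoCardTrace.ThrowHelperError((Exception) new PolicyValidationException(SR.GetString("InvalidAppliesToInPolicy", (object) SR.GetString("RecipientNotFromSameSecurityDomain"))));
    }

    /// <summary>
    /// Throws <paramref name="e"/> only when <c>InfoCardPolicy.IsSelfIssuedUriPresent</c>
    /// returns true for the policy's issuer; otherwise the exception is discarded and the
    /// caller continues as if the check had passed.
    /// </summary>
    /// <param name="e">The validation failure to raise for a self-issued issuer.</param>
    private void ThrowIfSelfIssued(Exception e)
    {
      if (InfoCardPolicy.IsSelfIssuedUriPresent(this.m_policy.Issuer))
      {
        throw InfoCardTrace.ThrowHelperError(e);
      }
    }
  }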
}
